Books

Growth 365

Tomas Laurinavicius

ChaptersThe Stack X-Ray

The Stack X-Ray

Read a company's shipping tempo off its response headers.

Every server answers a request with more than a page. Before a single byte of content loads, it hands over a stack of headers naming the platform underneath, and almost nobody strips that fingerprint out. One curl command tells you whether a company ships through a modern deploy pipeline or has not touched its infrastructure in years.

What to do: curl -sI site.com | grep -iE "server|x-powered-by|x-vercel|x-cache"

Why it works: Every response carries the fingerprint of the platform serving it. The headers name the deploy pipeline, the CDN, and sometimes the CMS underneath, and stripping them out is extra work nobody bothers with.

Example: In July 2026, vercel.com and cursor.com both answered server: Vercel, and vercel.com layered x-powered-by: Next.js, Payload on top. Hacker News answered with bare nginx and nothing else. TechCrunch answered nginx fronting x-powered-by: WordPress VIP. Four companies, four different operating postures, read off one header block each.

Walk it through

I ran this against a spread of four sites in July 2026. Here is what came back.

1. Grep the headers across the spread.

for d in vercel.com cursor.com news.ycombinator.com techcrunch.com; do
  echo "=== $d ==="
  curl -sI -A "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "https://$d" \
    | grep -iE "server|x-powered-by|x-vercel-cache|x-cache"
done

Four requests, one grep pattern, and you get the stack signature for every company in the list side by side.

curl against vercel.com, cursor.com, news.ycombinator.com, and techcrunch.com shows Vercel, bare nginx, and WordPress VIP stacks side by side

Read down the block. vercel.com and cursor.com both come back server: Vercel, but only vercel.com adds x-powered-by: Next.js, Payload, since that header only shows up when the app framework announces itself. news.ycombinator.com returns nothing but server: nginx. techcrunch.com also returns nginx, but with x-powered-by: WordPress VIP and a live x-cache value riding on top.

2. Confirm the one that breaks convention. Hacker News rejects a plain HEAD.

curl -sI https://news.ycombinator.com
curl -sI -X GET https://news.ycombinator.com

A HEAD request is supposed to be safe on any server, so when one refuses it, that refusal is worth a second look.

curl -sI against Hacker News returns 405, curl -sI -X GET returns 200 with bare nginx headers underneath

The plain HEAD comes back 405, method not allowed, and the only reason you learn server: nginx at all is that the header ships on the error response too. Swap to curl -sI -X GET and you get a real 200 with the actual page's headers behind it, still bare nginx, still nothing extra. That is a server configured to refuse anything but a full request, which is its own kind of statement about how little this stack has changed.

3. Pull the full header block on the WordPress VIP site.

curl -sI https://techcrunch.com

Drop the grep filter here and read everything the server hands back.

Full header block for techcrunch.com showing x-powered-by WordPress VIP, x-cache HIT, and the x-hacker easter egg header

x-powered-by: WordPress VIP names the managed hosting tier, and x-cache: HIT right below it means this response came from a cache layer, not fresh off the app server. There is even an x-hacker header, a recruiting easter egg Automattic engineers leave running in production, that has nothing to do with performance and everything to do with a company confident enough in its stack to joke around in the response.

The read

  • Vercel plus a framework name is a deploy pipeline. server: Vercel with x-powered-by: Next.js, Payload means someone pushes to this site constantly, through a pipeline built for shipping fast, not for caution.
  • Bare nginx is a stack frozen by design. No x-powered-by, no cache header, no extras. Hacker News has looked the same for years, and the headers confirm nobody is touching the infrastructure layer.
  • A CMS plus a cache header is a hybrid. WordPress VIP with x-cache: HIT is real operational muscle bolted onto a content platform, built to survive traffic spikes, not to ship a new deploy every hour.

Steal it

Run the same grep against your three closest competitors and your own site, side by side. If two of them show a deploy-pipeline stack and yours shows a stack frozen in place with no cache layer, that gap is exactly why they can ship a pricing test or a new landing page faster than you can.

Then read what your own headers say about you. On a modern stack, that is a fact you can use in a sales conversation about reliability. Still on a bare server with no CDN, a competitor running this exact command against you just learned that, for free, in about ten seconds.

Gotchas

  • HEAD is not universal. Some servers, Hacker News included, reject HEAD outright with a 405. If you get an error status instead of headers, retry with curl -sI -X GET.
  • Bot-shaped requests sometimes get blocked, not answered. Vercel and Cloudflare both run edge bot-defense that can return a 403 with a mitigation header instead of the real response. Retry from a normal browser user agent, and treat the block itself as a signal that edge defense is running.
  • This is a label check, not a scanner. One request per site tells you what you need. Hitting a competitor's infrastructure on a loop to map every edge case is a step past reading the label and into probing, and that is not the play.